With DeepLocker, IBM researchers will demonstrate an evasive attack vector that has been developed as a proof of concept. According to IBM, DeepLocker can be used to keep ransomware or other malware hidden from traditional security tools. IBM's goal with the presentation is not to promote fear about AI, but rather to help organizations start to think about how attackers can use AI and how to minimize risks.

"DeepLocker malware is fundamentally different from any other malware we are aware of. It uses AI to hide a malicious application in benign payloads," Marc Ph. Stoecklin, principal research scientist and manager of Cognitive Cybersecurity Intelligence at IBM Research, told eWEEK. "With AI, we can conceal and hide the condition of when the malicious payload is being unlocked, making it almost impossible to reverse-engineer."

This isn't the first time this year that IBM has presented research about the perils of artificial intelligence. At the RSA Conference in April, IBM outlined ways that an attacker could manipulate machine learning models to corrupt results and influence outcomes.

DeepLocker could be embedded into a legitimate application that is widely distributed, according to Stoecklin. The malware only deploys when certain conditions are met, such as being installed on a particular device or even when a specific end user logs in. The AI component keeps the malware hidden and is used to understand when the benign application is deployed on the right target.

One potential deployment could be for webcam conferencing technology, where the DeepLocker malware is embedded within a legitimate app. Stoecklin said the malware could be set to deploy, for example, only when it recognizes a particular user is on the webcam.

Although the potential damage from DeepLocker and AI-powered malware is immense, Stoecklin said that, to date, IBM researchers have not seen attackers using anything like DeepLocker.

How It Works

Many forms of malware need to call out to a command and control node to get instructions or download a payload. By monitoring for those anomalous outbound connections, security technologies can often detect malware, but that won't work with DeepLocker.

Stoecklin said DeepLocker is entirely self-contained within the benign application and it does not need to call out to the internet to deliver its malware payload.

Dhilung Kirat, research scientist at IBM Research, explained that IBM wrote custom code and trained the machine learning model beforehand so it would be ready to deploy. Kirat added that many smart applications already integrate machine learning models, and as such it's possible to hide DeepLocker alongside code that an enterprise would expect to see in an application.

Remediation

One way to detect DeepLocker is with some form of behavior-based technology that detects when an application deviates from a known good baseline. Another approach that IBM is conducting active research on is using cyber-deception to trick AI-powered malware.
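The baseline comparison described above can be sketched in a few lines. This is an added example, not IBM's code: the application name `confapp`, the event types and all telemetry are constructed for illustration. It also shows why a monitor that only watches for new outbound connections stays silent in the self-contained case.

```python
import posixpath
from collections import defaultdict

# Constructed telemetry for a hypothetical conferencing app: (app, event_type, detail).
KNOWN_GOOD = [
    ("confapp", "net_connect", "media.example.com:443"),
    ("confapp", "device_open", "camera"),
    ("confapp", "model_load", "face_blur.model"),
    ("confapp", "file_write", "C:/Users/alice/AppData/Roaming/confapp/settings.json"),
]
OBSERVED = [
    ("confapp", "net_connect", "media.example.com:443"),
    ("confapp", "device_open", "camera"),
    ("confapp", "file_write", "C:/Users/alice/AppData/Roaming/confapp/cache.db"),
    ("confapp", "file_write", "C:/Users/alice/Documents/report.docx"),
    ("confapp", "proc_spawn", "cmd.exe"),
]

def feature(event_type, detail):
    """Reduce an event to the feature the baseline tracks."""
    if event_type == "file_write":
        # Track the directory written to, so new file names in a known
        # application directory do not raise alerts.
        return (event_type, posixpath.dirname(detail))
    return (event_type, detail)

def build_baseline(events):
    """Map each application to the set of features seen during known-good runs."""
    baseline = defaultdict(set)
    for app, event_type, detail in events:
        baseline[app].add(feature(event_type, detail))
    return baseline

def deviations(baseline, observed):
    """Return observed events whose feature is absent from the app's baseline."""
    return [
        (app, event_type, detail)
        for app, event_type, detail in observed
        if feature(event_type, detail) not in baseline.get(app, set())
    ]

def network_deviations(baseline, observed):
    """What a monitor limited to outbound connections would report."""
    return [e for e in deviations(baseline, observed) if e[1] == "net_connect"]

if __name__ == "__main__":
    base = build_baseline(KNOWN_GOOD)
    for event in deviations(base, OBSERVED):
        print("DEVIATION", event)
    print("network-only alerts:", network_deviations(base, OBSERVED))
```
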

Defending against DeepLocker is no easy task, and that is part of why IBM created the attack and is discussing it at Black Hat USA. Stoecklin said IBM wants to raise awareness in the cyber-security industry about how artificial intelligence could influence the next generation of cyber-attacks.

"Our mission is to raise awareness that attackers will be evolving their arsenal with AI," he said. "Many of the traditional defenses won't be able to detect these new threats, so both the industry and the researchers need to come up with methods for protection."

Sean Michael Kerner is a senior editor at eWEEK and InternetNews.com. Follow him on Twitter @TechJournalist.
